Service-linked Role

The Cloud Shell service-linked role (AliyunServiceRoleForCloudShell) is a Resource Access Management (RAM) role that grants Cloud Shell the permissions it needs to access other Alibaba Cloud services. This role is required for specific operations in certain scenarios.

Note

For more information about service-linked roles, see Service-linked Role.

Scenarios

The Cloud Shell service-linked role is required for the following scenario:

  • When you use Cloud Shell to manage cloud resources in a private network, a secondary Elastic Network Interface (ENI) is automatically created to establish the network connection. Cloud Shell needs the service-linked role to obtain the permissions to operate on the relevant cloud resources.

Delete the service-linked role

To delete the service-linked role, log on to the Resource Access Management (RAM) console and delete the role. For more information, see Service-linked Role.

Role details

The details of the Cloud Shell service-linked role are as follows:

  • Role name: AliyunServiceRoleForCloudShell.

  • Access policy name: AliyunServiceRolePolicyForCloudShell.

  • Access policy description:

{
    "Version": "1",
    "Statement": [
        {
            "Action": [
                "ecs:CreateNetworkInterfacePermission",
                "ecs:DeleteNetworkInterfacePermission",
                "ecs:CreateNetworkInterface",
                "ecs:DescribeNetworkInterfaces",
                "ecs:DescribeSecurityGroups"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": [
                "vpc:DescribeVSwitches",
                "vpc:DescribeVpcs"
            ],
            "Resource": "*",
            "Effect": "Allow"
        },
        {
            "Action": "ram:DeleteServiceLinkedRole",
            "Resource": "*",
            "Effect": "Allow",
            "Condition": {
                "StringEquals": {
                    "ram:ServiceName": "cloudshell.aliyuncs.com"
                }
            }
        }
    ]
}
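
An added example (not part of the original page and not Alibaba Cloud tooling): a short Python audit of the policy above that separates read-only from mutating actions and lists the mutating ones granted on Resource "*" with no Condition, which are the calls worth watching in audit logs. The read-prefix list is an assumed naming heuristic, and the function names are hypothetical.

```python
# The policy document as shown on this page (compacted, same content).
POLICY = {
    "Version": "1",
    "Statement": [
        {"Action": ["ecs:CreateNetworkInterfacePermission",
                    "ecs:DeleteNetworkInterfacePermission",
                    "ecs:CreateNetworkInterface",
                    "ecs:DescribeNetworkInterfaces",
                    "ecs:DescribeSecurityGroups"],
         "Resource": "*", "Effect": "Allow"},
        {"Action": ["vpc:DescribeVSwitches", "vpc:DescribeVpcs"],
         "Resource": "*", "Effect": "Allow"},
        {"Action": "ram:DeleteServiceLinkedRole", "Resource": "*", "Effect": "Allow",
         "Condition": {"StringEquals": {"ram:ServiceName": "cloudshell.aliyuncs.com"}}},
    ],
}

# Assumption: API actions with these name prefixes are read-only.
READ_PREFIXES = ("Describe", "List", "Get", "Query")

def as_list(value):
    """Policy fields may be a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def audit(policy):
    """Return one finding per allowed action in the policy."""
    findings = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        wildcard = "*" in as_list(stmt.get("Resource", []))
        conditioned = bool(stmt.get("Condition"))
        for action in as_list(stmt["Action"]):
            name = action.partition(":")[2] or action
            # Anything not clearly read-only (including "svc:*") counts as write.
            kind = "read" if name.startswith(READ_PREFIXES) else "write"
            findings.append({"action": action, "kind": kind,
                             "wildcard": wildcard, "conditioned": conditioned})
    return findings

def unconstrained_writes(policy):
    """Mutating actions allowed on every resource with no Condition block."""
    return sorted(f["action"] for f in audit(policy)
                  if f["kind"] == "write" and f["wildcard"] and not f["conditioned"])

if __name__ == "__main__":
    for action in unconstrained_writes(POLICY):
        print("review:", action)
```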